[Samba] Reliable DNS failover for Samba AD with dnsdist
Luis Peromarta
lperoma at icloud.com
Sat May 17 21:36:11 UTC 2025
Hi all,
I’ve been working on improving DNS failover for Samba AD setups with internal DNS (I guess BIND would be able to handle the forwarding itself in a better failover fashion).
As many of you know, the dual dns forwarder setting in Samba works, but failover is slow—Samba waits for timeouts before switching servers, which can cause delays and SERVFAILs.
To solve this, I’ve placed dnsdist between Samba and the real resolvers (Pi-hole in my case). Samba forwards all external DNS to 127.0.0.1:5353, where dnsdist handles health checks, load balancing (leastOutstanding), and fast failover. It's literally a 5-minute job.
I ran stress tests with over 100k queries while killing one resolver mid-test. dnsdist handled the failure smoothly, with <0.05% loss and fast recovery.
This is how failover should work in Samba, and with dnsdist, it finally does.
Details and configs are in the wiki:
http://samba.bigbird.es/doku.php?id=samba:resilient-dns
All the best,
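
A minimal dnsdist configuration for the setup described in the message above, as an added example that is not taken from the post or the linked wiki. The resolver addresses (192.0.2.x placeholders), server names and health-check timings are assumptions.

```lua
-- dnsdist.conf: constructed example, not the poster's actual configuration.
-- Matching Samba side (smb.conf, [global] section), as described in the post:
--   dns forwarder = 127.0.0.1:5353

-- Listen on loopback only; Samba's internal DNS is the sole client.
setLocal('127.0.0.1:5353')

-- Accept queries from loopback only, so dnsdist does not turn into an
-- open resolver if the listen address is widened later.
setACL({'127.0.0.0/8'})

-- Upstream resolvers (Pi-hole in the post). Addresses are placeholders.
-- Active health checks: probe every second, mark a backend down after
-- 2 consecutive failures, and bring it back after 2 consecutive successes.
newServer({
  address = '192.0.2.10:53',   -- assumed address of the first resolver
  name = 'resolver-a',         -- hypothetical label
  checkInterval = 1,
  maxCheckFailures = 2,
  rise = 2,
})
newServer({
  address = '192.0.2.11:53',   -- assumed address of the second resolver
  name = 'resolver-b',         -- hypothetical label
  checkInterval = 1,
  maxCheckFailures = 2,
  rise = 2,
})

-- Send each query to the healthy backend with the fewest queries in flight.
-- A backend marked down by the health check receives no traffic, which is
-- what removes the timeout-driven delay on the Samba side.
setServerPolicy(leastOutstanding)
```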